Microsoft India’s Online Store Loses Passwords to Hackers

Microsoft India’s online store (microsoftstore.co.in) was reportedly hacked by two Chinese hackers, known as the Evil Shadow Team. The homepage of the store was replaced by a picture of a man wearing a Guy Fawkes mask, with a message that says “Unsafe system will be baptized.” Contact information, such as the team’s name, blog URL and email address, was also included.

At the time of writing, Microsoft had regained control of the website and is working to restore it, leaving a short message on the homepage:

The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible. We apologize for any inconvenience this may have caused.

The amount of lost business due to the downtime is rather insignificant, considering the damage done by the compromised user database. These data, including customer’s full name, email address, shipping address, order details, and more importantly, password, are stored in plain text. In other words, customers who are using the same email address and password across multiple services are at grave risk of having other accounts compromised, too.

Microsoft Store India has since sent out email notifications to its customers, notifying them of the security breach and advising them to immediately change their passwords. The email confirmed that payment information, such as credit card details, are not affected by the breach.